The server obviously doesn't do a magic check or it would see that it's an applet.
A "magic check" is probably the problem in the first place. GIF files typically start with the string "GIF89a", and have nothing consistent at the end. JAR files (which are ZIP files) aren't required to have anything special at the beginning, but instead have their "signature" near the end of the file (this allows stuff like self-extracting archives to work).
So, your "magic" file could have two different entries:
Any file starting with "GIF89a" is a GIF file
Any file ending with a ZIP signature is a ZIP file
Depending on the order that these tests are performed, you'll get different results. Where the same file can be interpreted different ways, there is an avenue for attack.
The UTF-7 autodetection bug caused the same kind of problem. If the past couple of years have taught us anything, it's that we need to preserve datatypes along with the data itself, rather than trying to autodetect it later.
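Added example (not part of the original comments): a minimal Python sketch of the ambiguity described above, where a file that both starts with a GIF header and ends with a ZIP end-of-central-directory record is classified differently depending on test order. The function names, the two-entry rule set and the sample bytes are constructed for illustration; `validate_upload` shows the defensive alternative of checking a declared type carried with the data and rejecting anything that matches more than one format.

```python
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory signature
EOCD_MIN = 22              # size of the fixed part of that record
EOCD_MAX_COMMENT = 0xFFFF  # a trailing comment may follow the record


def looks_like_gif(data: bytes) -> bool:
    return data[:6] in GIF_MAGICS


def looks_like_zip(data: bytes) -> bool:
    """Scan the tail for an EOCD record that fits inside the file."""
    tail_start = max(0, len(data) - (EOCD_MIN + EOCD_MAX_COMMENT))
    pos = data.rfind(EOCD_SIG, tail_start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            # Lenient on purpose: a defender should flag more, not less.
            if pos + EOCD_MIN + comment_len <= len(data):
                return True
        pos = data.rfind(EOCD_SIG, tail_start, pos)
    return False


TESTS = {"gif": looks_like_gif, "zip": looks_like_zip}


def sniff(data: bytes, order) -> str:
    """First match wins, the way an ordered magic database behaves."""
    for name in order:
        if TESTS[name](data):
            return name
    return "unknown"


def validate_upload(data: bytes, declared: str):
    """Accept only if exactly one format matches and it is the declared one."""
    matches = sorted(n for n, test in TESTS.items() if test(data))
    if len(matches) > 1:
        return False, "ambiguous: matches " + "+".join(matches)
    if matches != [declared]:
        return False, "content does not match declared type"
    return True, "ok"


def build_samples():
    """Constructed inputs: a GIF header stub, a tiny ZIP, and both joined."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hello.txt", "constructed sample")
    gif = b"GIF89a" + bytes(32)  # header bytes only, not a renderable image
    return {"gif": gif, "zip": buf.getvalue(), "both": gif + buf.getvalue()}


if __name__ == "__main__":
    s = build_samples()
    print(sniff(s["both"], ["gif", "zip"]), sniff(s["both"], ["zip", "gif"]))
    print(validate_upload(s["both"], "gif"))
```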
What happens when the file extension is something like ".dat", ".ogg", ".xml" or one of several other extensions that are used for more than one datatype?
File extensions are a Windows-specific and Apache-specific feature that don't uniquely identify the file type and have no meaning on most platforms. What needs to happen is that both the server and the browser need to do whatever is necessary to preserve the content-type (a.k.a. MIME type) of the original file.
File extensions are an implementation-specific distraction.
And we already know that high numbers of subscriptions that WoW shows at the very least indicate Blizzard were not far off with their design choices in this regard.
The rest of your post is good, but that part is flawed reasoning. You're making a statement about how a design Blizzard didn't choose compares with a design they chose based on the money they make from the latter. We know that the current design is profitable, but that alone doesn't tell us anything about whether an alternative design would be more or less profitable.
Is a "private property" sign the same as a "no trespassing" sign in the U.S.? Here, it's pretty meaningless; it basically means "this is privately-owned property; you're here at the leisure of the owner(s) and may be asked to leave at any time".
The only legal requirement is that Google not set foot on property if it is marked as private property.
Is that even a legal requirement? A sign marked "private property" isn't the same thing as a sign saying "no trespassing" or "private property---no photographing from beyond this point". I've seen lots of mall parking lots that say "private property"; from what I understand, unless the sign is more specific, you can still show up and do pretty much anything you want until the owner (or his agent, e.g. a mall employee) asks you to leave.
I mean, really. What do we have now? The guy loses control, flips out, locks everyone out of the system, they are down for who knows how long as they bring in crackers and consultants and what not, and the guy goes to jail.
You should read the articles. It sounds like Terry Childs's security policy, which his superiors and co-workers all knew about for a while, was to lock everyone except himself out of the routers. The city later hired a security officer, who pointed out the obvious risks in having one guy with all the passwords, so management pressed Terry for the passwords. Terry, thinking that management (or other incompetent fools) planned to do stupid things that would break the network, refused, and management then accused him of locking them out of the network, as if it was something new.
From what I can tell, it might be nothing more than a simple case of bad management and insubordination causing huge problems. The criminal charges might well be tossed, though I'm sure there is civil liability somewhere on both sides.
It really depends on who the "one person" is. Committees rarely design good crypto algorithms or protocols, for example. On the other hand, if you just pick the "one person" at random, you risk picking the wrong person.
I guess it's sort of like picking a dictator. If you pick the right person, and hold that person accountable, they will get things done more efficiently than a committee. If you pick the wrong person, they will get the wrong things done more efficiently than a committee.
Quiz: What kind of painter would work for an employer who tells him he must use paintbrushes of a particular size, texture, and brand name, so that he may be more interchangeable?
Answer: One who couldn't find work elsewhere.
Don't do this. You'll lose your best people, sometimes before you've even hired them.
Either way when it was discovered I was assuming control of my work station to increase screen resolution to effectively use the IDE they had provided, well they slapped me on the wrist and brought me back down to 640x480 for security reasons of course. When I said fuck it and wrote a program that changed the resolution for me with the skills I had been taught in that class... Oddly enough instead of a passing grade my school year dramatically shortened. i.e. Expulsion.
Yeah, I saw that start to happen at my school. I was one of the last people who got away with that sort of thing before everyone went OMG-psycho. Luckily, I graduated before it got too bad.
Right... How many otherwise competent sysadmins do you know who can't C code? I've known plenty. Usually the good coders get jobs as coders, rather than as sysadmins.
It's less a matter of "believing", it's a matter of "wanting".
When you ask people why they follow a particular religion (or lack of it), you often get an answer that boils down to something like, "I prefer X's beliefs better than Y's." Which story is actually more likely to be accurate often doesn't seem to factor into it. It's crazy.
I think religion encourages that sort of "mind over matter" thinking, but I've seen atheists do the same thing. At least they usually notice when you call them on it.
And that's how you start a religious flamewar! Pico rules!
It's not the duplication of effort that's the problem. It's paying multiple times for the same effort. Microsoft, being the monopoly it is, can maximize its profits by minimizing the resources it spends on development, as long as it spends just enough to maintain its monopoly position.
Plenty of people every day come up with ideas similar to other people's ideas without any connection whatsoever.
Just take a look at some of the *real* patent and patent attempts or essays etc.
True enough, but this thread is about a comment that claimed that what RMS says isn't worthy of respect. Sure, if RMS had been hit by a bus, someone else might have said what he said and done what he did, but the words/deeds themselves are worthy of respect, regardless of who said/did them.
Yeah, it was stupid. On the other hand, it didn't require a costly reverse-engineering effort to find and fix the stupidity.
Just make sure it's not a box full of decommissioned hard drives.
On the contrary. I would say that being a mother doesn't make it better or worse. A person was murdered. That is enough.
What, so in the "Web 2.0" world, it would be inconceivable that somebody would provide a web-accessible yacc service to the world?
Yeah, it's pretty pathetic that people tried to turn this into a Jocks vs Nerds playground battle when a mother was murdered.
So had Hans and Nina had no children, it would have been okay?
Ran out of roo
Do you think that would be the case if it weren't for free software?
It's compatible with Deism, and monotheistic religions both Abrahamic and non-Abrahamic.
I guess that covers everybody.
One may dislike Bill and MS, but the foundation Bill started has really done some great things.
Like interfering with the scientific process.
Instead of focusing on criticizing Microsoft how about focus on making open source software that is not "as good" but rather "MUCH BETTER" than closed sourced equivalents?
Because Microsoft is devoting huge amounts of resources toward making that impossible. Microsoft has declared war on its competition and everyone who helps them. You can't win a war just by strengthening yourself.
So it makes perfect sense to try to divert resources away from things that hurt us, in addition to directing resources toward things that help us.
If RMS is high on your list of respected people, you have never actually listened to what he says.
Please. What do you suggest as the reason why someone would respect RMS? His good looks? His impeccable cleanliness? His tact? His unmatched skill at singing and songwriting?
RMS is respect-worthy for two reasons: What he says, and perhaps more importantly, what he has done. RMS pretty much single-handedly and deliberately created the free software ecosystem. Like it or not, without RMS, Linux would never have been anything but a 386 assembly-language pet project, the Mozilla project would never have happened, "Open Source" would never have happened, and Microsoft might even have a full-blown monopoly on web technologies by now.
Agree or disagree with him, if you can't imagine why anyone would respect RMS, then you need to research what's happened over the last 25 years.
and no, getting rid of proprietary software won't magically fix disease, starvation, etc
Oh be creative! Free software is, as far as the whole of society is concerned, much cheaper than proprietary software, because society only has to pay to solve (the software portion of) a particular problem once. Therefore, if problems are solved using free software instead of proprietary software, society will have a lot of money left over to spend on fixing disease, starvation, etc.
But we don't even have to argue about free vs. proprietary software in general. This discussion is about free software versus Microsoft software, and it's fairly well-established that Microsoft software has a much higher TCO than best-of-breed free software.
When you consider how much money Microsoft drains from various countries' economies, it's easy to see how the money could be put to better use.
fucking commie bastard
capitalism forever!
Yeah!! Because lowering barriers-to-entry into the market and encouraging businesses to be competitive are so communistic.
Oh wait...